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AMENDMENTS TO THE CLAIMS 



The listing of claims will replace all prior versions, and listings, of claims in (he 
application: 

Listing of Claims : 



1- (Currently Amended) In a security heterogenic computer network supporting 
different security descriptor specifications, the computer network having one or more devices 



that use a first security descriptor that follows a first 
security permissions related to a particular object, the 



devices that use a second security descriptor that follows a second security descriptor 



iecurily descriptor specification to describe 
computer network also having one or more 



to that same particular object, a incLhod of 
security descriptor with the second security 
e synchronization or the first and second 
urity specifications may be used in the 



specification to describe security permissions relatct 
replicating in a non-degenerative fashion the first 
descriptor specification, the method facilitating tt 
security descriptor specifications so that both 
computer network, the method comprising the following: 

a step for converting the first sccJ-ity descriptor that follows the first security 
descriptor specification into a version of (the first security descriptor that follows the 
second security descriptor specification; 

a step for comparing the converted Version of the first security descriptor that 
follows the second security descriptor specification with the second security descriptor 
that also follows the second security descriptor specification; and 

an act of changing the second security descriptor to reflect at least some or the 
changes represented in the gonvetied yeijsion of the first security descripto r in order to 

security descriptor am nfinA g Yj^V(^rif| 



assure th at anv changes to the sp cond 
reversible 



2. (Original) A method in accordance with Claim 1, whercin the first security 
descriptor specification is the 4,0 specification, 



V 
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3. (Original) A mclhod in accord Ace with Claim 2, wherein Ihe second security 
descriptor specification is the Active Directory i pecification. 

(Original) A mclhod in accordance with Claim 1, wherein the first security 



descriptor specification is the Active Directory 



specification. 




5. (Original) A method in accordance with Claim 4, wheiein the second security 
descriptor specification is the 4.0 specification 

6. (Original) A method in accordance with Claim 1, wherein the slep for converting 
the first security descriptor that follows the fiiit security descriptor specification into a version of 
the first security descriptor that follows the Lcond security descriptor specification comprises 
the following: 

an act of consulting mapping rules that define mappings of rights of the first 
security descriptor specification to rights of the second security descriptor specification; 

for each right for which thers is a corresponding mapping rule, converting the 
right that follows the first security d sscriptor specification to a corresponding right that 
follows the second security descripto: specification; and 

an act of assembling each corresponding right that follows the second security 
descriptor specification to form a vision of the first security descriptor that follows the 
second security descriptor specification. 



7, (Currently Amended) A methjod 
comparing the converted version of the first 
descriptor specification with the second 
descriptor specification comprises the following: 
for each right for which t 
comparing the right in the version o 
security descriptor specification to 

based on the act of comparhg 
descriptor that are not reflected in the 



in accordance with Claim 1, wherein the step for 
security descriptor that follows the second security 
security descriptor that also follows the second security 



i the 



lere is a corresponding mapping rule, an act or 
the first security descriptor that follows the second 
right in the second security descriptor; and 

an act of detecting changes in the first security 
second security descriptor. 
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8. (Currently Amended) In a secuiW heterogenic computer network supporting 
different security descriptor specification*, the coLutcr network having one or more devices 
that use a first security descriptor (hat follows a fi/st security descriptor specification to describe 
security permissions related to a particular objec tithe computer network also having one or more 
devices that use a second security descriptor that follows a second security descriptor 
specification to describe security permissions rc/aled to that same particular object, a method of 
replicating in a non-degenerative foshion the first security descriptor with the second security 
descriptor specification, the method facilitating the synchronization of the first and second 
security descriptor specifications so that bcih security specifications may be used in the 
computer network, the method comprising the following: 

an act of consulting mapping/rules that define mappings or rights of the first 
security descriptor specification to rights of the second security descriptor specification; 

for each right for which there ik a corresponding mapping rule, convert! ng the 
right that follows the first security descriptor specification to a corresponding right that 
follows the second security descriptor specification; 

an act of assembling each corresponding right that follows the second security 
descriptor specification to form a vdrsion of the first security descriptor that follows the 

. .. . . second security descriptor specification; - - 

for each right for which there is a corresponding mapping rule, an act of 
comparing the convened . ri ght in tlL version of the first security descriptor that follows 
the second security descriptor specification to the right in the second security descriptor; 

based on the act of comparing, an act of detecting changes in the conver ted first 
security descriptor that are not reacted in the second security descriptor; and 

an act of changing the seco id security descriptor to reflect ihe delected changes in 
the first security descriptor in elder to assuixUhjU^ngc^ 



descriptor arc non-degenerative imt 



descriptor specification is the 4.0 specifica 



reversible . 



(Original) A method in accordance with Claim 8, wherein the first security 



ion. 

V 
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10. (Original) A method in accordance with Claim 9, wherein the second security 
descriptor specification is the Active Directory specification. 



11. (Original) A method in Accordance with Claim 8, wherein the first security 
descriptor specification is the Active Directory specification. 

12. (Original) A method in Accordance with Claim 11, wherein the second security 
descriptor specification is the 4.0 specification. 
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13. (Currently Amended) A computer program product for use in a security 
heterogenic computer network supporting different security descriptor specifications, the 
computer network having one or more devices thit use a first security descriptor that follows a 
first security descriptor specification to describl security permissions related to a particular 
object, the computer network also having onef or more devices that use a second security 
descriptor that follows a second security descrip/or specification to describe security permissions 
related to that same particular object, the compLr program product for implementing a method 
of replicating in a non-degenerative fashion tbj! first security descriptor with the second security 
descriptor specification, the method facilitating the synchronization of the first and second 
security descriptor specifications so that bith security specifications may be used in the 
computer network, the computer program Lduct comprising a computer-readable medium 
having computer-executable instructions for dcrfbrrning the following: 

a step for converting the firsl security descriptor that follows the first security 

descriptor specification into a versijn of the first security descriptor mat follows the 

second security descriptor specification; 



a step for comparing the con 



ertcdversion of the first security descriptor that 



follows the second security dcscript<jr specification with the second security descriptor 
thai also follows the second security descriptor specification; and 

an act of changing the second security descriptor to reflect at least some of the 
changes represented in the convene djveraion of the first security descripto r in order to 



reversible . 

14, (Original) A computer 
first security descriptor specification is the 



ins ure that any changes to th ft c^ ly ^ rrip , nr rirP „ deftcneraliw 5 fln , , 



program product in accordance with Claim 13, wherein the 
0 specification. 



i 5. (Original) A computer 
second security descriptor specification is 



1 6. (Original) A computer 
first security descriptor specification is the / 



program product in accordance with Claim 14, wherein the 
tfle Active Directory specification. 



prognfm product in accordance with Claim 14, wherein Ihc 
ctive Directory specification. 
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17, (Original) A computer program prolluct in accordance with Claim 16, wherein the 
second security descriptor specification is the 4.0 ipecificaUon. 

18. (Original) A computer program priduct in accordance wilh Claim 13, wherein the 
computer-executable instructions for performing the step for converting the first security 
descriptor that follows the first security descriptor specification into a version of the first security 
descriptor that follows the second security/ descriptor specification comprise computer- 
executable instructions for performing the following: 

an act of consulting mapping Lies that define mapping of rights of the first 
security descriptor specification to righi of the second security descriptor specification; 

for each right for which there is a corresponding mapping rule, converting the 
right that follows the first security descriptor specification to a corresponding right that 
follows the second security descriptor Specification; and 

an act of assembling each co responding right that follows the second security 
descriptor specification to form a veriion of the first security descriptor that follows the 
second security descriptor specificatidn, 

19. (Currently Amended) A compter program product in accordance with Claim 1 3 
wherein the computer-executable instructions for performing the stop for comparing the 
cojw^version of the first security descriptor that follows the second security descriptor 
specification with the second security descriptor that also follows the second security descriptor 
specification comprise computer-executable instructions for performing the following: 

for each right for which there is a corresponding mapping ru l e , an act of 

comparing the right in the version or the first security descriptor that follows the second 

security descriptor specification to trie right in the second security descriptor; and 

based on the act of comparing, an act of detecting changes in the first security 

descriptor that are not reflected in th| second security descriptor. 
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20. (Currently Amended) A computer program product for use in a security 
heterogenic computer network supporting di/fcrent security descriptor specifications tho 
computer network having one or more deviceslhat use a first securily descriptor thai follow, a 
first security descriptor specification to des Jibe security permissions related to a pauicular 
object, the computer network also having oLc or more devices that use a second security 
desenptor that follows a second security descriptor specification to describe security permissions 
related to that same particular object, a compter program product for implementing a method of 
cheating in a non-degenerative fashion thi first security descriptor with the second security 
desenptor specification, the method facilitating tho synchronization of the first and second 
security descriptor specifications so that Lth security specifications may be used in ihe 
computer network, the computer program/ product comprising a computer-readable medium 
having computer-executable instructions [oj performing the following: 

an act of consulting mappiL rules that define mappings of rights of the first 
security descriptor specification to jfights of the second security descriptor specification; 

for each right for which the/e is a corresponding mapping rule, convening the ' 
right that follows the first security descriptor specification to a corresponding right that 
follows the second security descriptor specification; 

an act of assembling cacll corresponding right that follows the second security 
descriptor specification to form J version of the first security descriptor that follows the 
second securily descriptor specification; 

for each right for whict there is a corresponding mapping rule, an acl of 
comparing the smy^right d the version of the first securily descriptor that follows 
the second security descriptor specification to the right in the second security descriptor; 

based on the act of comparing, an act of detecting changes j n the conycrlcd first 
security descriptor that are not reflected in the second security descriptor; and 

an act of changing the seWd sccu rity descriptor to reflect the detected chants in 
the first security ^criprorjnl^ 
descriptor am nn n-degen^rn ti ve/and re vcrsfojg 



2 1 . (Original) A computer 
f5rst security descriptor specification is 



•rogram product in accordance with Claim 20, wherein the 
the 4.0 specification. 
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22. (Original) A computer prograAi product in accordance with Claim 21, wherein Ihc 
second security descriptor specification is the Active Directory specification. 

23. (Original) A computer proiara product in accordance with Claim 20, wherein the 
first security descriptor specification is the Active Directory specification. 

24. (Original) A computer p/ogram product in accordance with Claim 23, wherein the 
second security descriptor specificatioi/is the 4.0 specification. 
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25 



4>\ 



(Currently Amended) A computer s|rstcm comprising the following: 
a processing device; and / 

a combination of one or more cLputcr-readable media which in combination 
have stored thereon the following: / 

a first data structure that represents a first security descriptor that follows a 
first security descriptor specification and that represents an object; 

a second data structure hat represents a second security descripior that 
follows a second security descriptor specification and that also represent* the 
object; 

a third data structure thai represent mapping rules that correlate sets of one 
or more rights of the first security descriptor specification which sets of one or 
more rights of the second sccurii y descriptor specification; and 

computer-executable injtruction that, when executed by the processor, 
perform the following: 

a step for convening the first security descriptor that follows the 
specification into a version of the first security 
descriptor that follows the second security descriptor specification; 

a step for eorapaUg the conysctcd version of the first security 
descriptor that follows the second security descriptor specification with 
the second security descriptor that also follows the second security 
descriptor specification and 

an act of changing the second security descriptor to reflect at least 



first security descriptor 



some of the changes 
security descriptor in 



represented in the CijayertecLversion of the first 
order to assnr* ihm r ri anges to ih? munH 
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26. (Canceled) A computer-ncadable^edium having stored thereon the following: 

a first data structure that reprints a first security descriptor that follows a first 
security descriptor fipecification^Wat represents an object; 

a second data structu/ ^presents a second security descriptor that follows a 
second security descriptor ^ecin^5»d lhat also represents the object; 

a third data structuk t^repre^nt mapping rules that correlate sets of one or 
more rights of the first sccurWdescri/tor specification which sets of one or more rights 
of the second security descriptor 0eci fication; and 

a fourth data stmct^lnat represents a version of the first security descriptor that 
follows the second security descriptor specification. 
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